From d9a6e217f9cf5aefd9e9133be16c143b2092d111 Mon Sep 17 00:00:00 2001
From: Tarun Pothulapati <tarunpothulapati@outlook.com>
Date: Tue, 3 Nov 2020 23:45:53 +0530
Subject: [PATCH] nit: return crtExpiry even for External Certs (#5173)

This change updates `FetchExternalIssuerData` to be more like
`FetchIssuerData` and return expiry correctly.

This field is currently not used anywhere and is just done for
consistentcy purposes.

Signed-off-by: Tarun Pothulapati <tarunpothulapati@outlook.com>
---
 pkg/issuercerts/issuercerts.go | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/pkg/issuercerts/issuercerts.go b/pkg/issuercerts/issuercerts.go
index 02a0a2ece..fdab74d71 100644
--- a/pkg/issuercerts/issuercerts.go
+++ b/pkg/issuercerts/issuercerts.go
@@ -74,7 +74,12 @@ func FetchExternalIssuerData(ctx context.Context, api kubernetes.Interface, cont
 		return nil, fmt.Errorf(keyMissingError, corev1.TLSPrivateKeyKey, "issuer key", k8s.IdentityIssuerSecretName, true)
 	}
 
-	return &IssuerCertData{string(anchors), string(crt), string(key), nil}, nil
+	cert, err := tls.DecodePEMCrt(string(crt))
+	if err != nil {
+		return nil, fmt.Errorf("could not parse issuer certificate: %w", err)
+	}
+
+	return &IssuerCertData{string(anchors), string(crt), string(key), &cert.Certificate.NotAfter}, nil
 }
 
 // LoadIssuerCrtAndKeyFromFiles loads the issuer certificate and key from files